We have a strange behaviour of Windows 2008 servers servers in our network. It is dealing with IPv6 configuration.

We are deploying ForeFront UAG 2010 with SP1 with DirectAccess feature in IPv4 network infrastructure. So everything's going reasonably good, but one strange thing.

We are having ForeFront UAG 2010 with SP1 installed operating as ISATAP router and DNS64 and NAT64.

It is placed in DMZ. There is a firewall between it and all other corpnet.

So when a server in a corpnet is granted an access to the ISATAP router, and have IPv6 enabled on an interface in Network Settings, everything's going fine. It receives an IPv6 address and starts using it as a default source address in its interoperation with the other network resources. Thus it is using the ISATAP router as a "router" to access other IPv6 servers and a "gateway" to interoperate with all other IPv4 servers.

When a server in a corpnet has !NO! IPv6 enabled in Network Settings, and DO HAS an access to the ISATAP router, then it get the IPv6 address from it and starts trying to interoperate with the other network resources using its IPv6 address as a default source address, but here it fails to send anything, because it has no IPv6 protocol enabled on an interface in Network Settings. This behaviour leeds to corpnet resources inavailability to the server.

Is it "by design" behaviour, or this situation is caused by design mistakes or so?

Thanks a lot for Your support. As I guess from above posts this behavior IS "by design", am I right? So would You be so kind to give me a hint of a correct key I am to change in group policy to disable ISATAP interface?

If you desire to allow ISATAP for only a choice of therapy servers, then you certainly can remove the ISATAP entry from DNS and place it all through the HOSTS document belonging using the therapy servers.

We are deploying ForeFront UAG 2010 with SP1 with DirectAccess feature in IPv4 network infrastructure. So everything's going reasonably good, but one strange thing.

We are having ForeFront UAG 2010 with SP1 installed operating as ISATAP router and DNS64 and NAT64.

It is placed in DMZ. There is a firewall between it and all other corpnet.

So when a server in a corpnet is granted an access to the ISATAP router, and have IPv6 enabled on an interface in Network Settings, everything's going fine. It receives an IPv6 address and starts using it as a default source address in its interoperation with the other network resources. Thus it is using the ISATAP router as a "router" to access other IPv6 servers and a "gateway" to interoperate with all other IPv4 servers.